Merge branch 'caddy-cloudflare-pkg'

2025-10-12 22:23:16 +00:00 · 2025-10-12 17:26:05 +00:00
parent 85f09b1126 b98c3f04ab
commit 839ca079c2
3 changed files with 24 additions and 4 deletions
--- a/pkgs/caddy/package.nix
+++ b/pkgs/caddy/package.nix
@@ -0,0 +1,22 @@
+# Caddy with Cloudflare DNS
+
+{
+  pkgs,
+  fetchFromGitHub,
+  ...
+}:
+
+# Maintain a static version so that the plugin hash doesn't keep breaking
+(pkgs.caddy.overrideAttrs rec {
+  version = "2.10.2";
+  src = fetchFromGitHub {
+    owner = "caddyserver";
+    repo = "caddy";
+    tag = "v${version}";
+    hash = "sha256-KvikafRYPFZ0xCXqDdji1rxlkThEDEOHycK8GP5e8vk=";
+  };
+}).withPlugins
+  {
+    plugins = [ "github.com/caddy-dns/cloudflare@v0.2.1" ];
+    hash = "sha256-AcWko5513hO8I0lvbCLqVbM1eWegAhoM0J0qXoWL/vI=";
+  }
--- a/platforms/nixos/modules/nmasur/presets/services/bind.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/bind.nix
@@ -24,6 +24,7 @@ let
    hostnames.download
    hostnames.photos
    hostnames.audiobooks
+    hostnames.paperless
  ];
  mkRecord = service: "${service}       A       ${localIp}";
  localRecords = lib.concatLines (map mkRecord localServices);
--- a/platforms/nixos/modules/nmasur/presets/services/cloudflare/cloudflare.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/cloudflare/cloudflare.nix
@@ -66,10 +66,7 @@ in
    nmasur.presets.services.caddy.cidrAllowlist = cloudflareIpRanges;

    # Tell Caddy to use Cloudflare DNS for ACME challenge validation
-    services.caddy.package = pkgs.caddy.withPlugins {
-      plugins = [ "github.com/caddy-dns/cloudflare@v0.2.1" ];
-      hash = "sha256-AcWko5513hO8I0lvbCLqVbM1eWegAhoM0J0qXoWL/vI=";
-    };
+    services.caddy.package = pkgs.nmasur.caddy;
    nmasur.presets.services.caddy.tlsPolicies = [
      {
        issuers = [